Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/transformers@3.1.0
Type pypi
Namespace
Name transformers
Version 3.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.53.0
Latest_non_vulnerable_version 4.53.0
Affected_by_vulnerabilities
0
url VCID-6jzg-ptkc-zfge
vulnerability_id VCID-6jzg-ptkc-zfge
summary
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11394.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11394.json
1
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
2
reference_url https://github.com/huggingface/transformers/issues/34840
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/issues/34840
3
reference_url https://github.com/huggingface/transformers/pull/35296
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/pull/35296
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-229.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-229.yaml
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1515
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-24-1515
6
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1515/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://www.zerodayinitiative.com/advisories/ZDI-24-1515/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328333
reference_id 2328333
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328333
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-11394
reference_id CVE-2024-11394
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-11394
9
reference_url https://github.com/advisories/GHSA-hxxf-235m-72v3
reference_id GHSA-hxxf-235m-72v3
reference_type
scores
url https://github.com/advisories/GHSA-hxxf-235m-72v3
fixed_packages
0
url pkg:pypi/transformers@4.48.0
purl pkg:pypi/transformers@4.48.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7chd-q1tt-7fck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.48.0
aliases CVE-2024-11394, GHSA-hxxf-235m-72v3, PYSEC-2024-229
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jzg-ptkc-zfge
1
url VCID-6wnz-1qbk-x3av
vulnerability_id VCID-6wnz-1qbk-x3av
summary Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
references
0
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
1
reference_url https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-301.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-301.yaml
3
reference_url https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-7018
reference_id CVE-2023-7018
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-7018
5
reference_url https://github.com/advisories/GHSA-v68g-wm8c-6x7j
reference_id GHSA-v68g-wm8c-6x7j
reference_type
scores
url https://github.com/advisories/GHSA-v68g-wm8c-6x7j
fixed_packages
0
url pkg:pypi/transformers@4.36.0
purl pkg:pypi/transformers@4.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6jzg-ptkc-zfge
1
vulnerability VCID-7chd-q1tt-7fck
2
vulnerability VCID-aud4-pr4h-r3er
3
vulnerability VCID-mj4x-79x9-83ax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.36.0
aliases CVE-2023-7018, GHSA-v68g-wm8c-6x7j, PYSEC-2023-301
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wnz-1qbk-x3av
2
url VCID-7chd-q1tt-7fck
vulnerability_id VCID-7chd-q1tt-7fck
summary A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2099.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2099.json
1
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
2
reference_url https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57
3
reference_url https://github.com/huggingface/transformers/pull/36648
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/pull/36648
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2025-40.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2025-40.yaml
5
reference_url https://huntr.com/bounties/97b780f3-ffca-424f-ad5d-0e1c57a5bde4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/97b780f3-ffca-424f-ad5d-0e1c57a5bde4
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2367239
reference_id 2367239
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2367239
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2099
reference_id CVE-2025-2099
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2099
8
reference_url https://github.com/advisories/GHSA-qq3j-4f4f-9583
reference_id GHSA-qq3j-4f4f-9583
reference_type
scores
url https://github.com/advisories/GHSA-qq3j-4f4f-9583
9
reference_url https://access.redhat.com/errata/RHSA-2025:12791
reference_id RHSA-2025:12791
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12791
fixed_packages
0
url pkg:pypi/transformers@4.50.0
purl pkg:pypi/transformers@4.50.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.50.0
1
url pkg:pypi/transformers@4.49.0
purl pkg:pypi/transformers@4.49.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-msje-w8r1-wkh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.49.0
aliases CVE-2025-2099, GHSA-qq3j-4f4f-9583, PYSEC-2025-40
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7chd-q1tt-7fck
3
url VCID-aud4-pr4h-r3er
vulnerability_id VCID-aud4-pr4h-r3er
summary
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11392.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11392.json
1
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
2
reference_url https://github.com/huggingface/transformers/issues/34840
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/issues/34840
3
reference_url https://github.com/huggingface/transformers/pull/35296
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/pull/35296
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-227.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-227.yaml
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-24-1513
6
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1513/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://www.zerodayinitiative.com/advisories/ZDI-24-1513/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328351
reference_id 2328351
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328351
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-11392
reference_id CVE-2024-11392
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-11392
9
reference_url https://github.com/advisories/GHSA-qxrp-vhvm-j765
reference_id GHSA-qxrp-vhvm-j765
reference_type
scores
url https://github.com/advisories/GHSA-qxrp-vhvm-j765
fixed_packages
0
url pkg:pypi/transformers@4.48.0
purl pkg:pypi/transformers@4.48.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7chd-q1tt-7fck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.48.0
aliases CVE-2024-11392, GHSA-qxrp-vhvm-j765, PYSEC-2024-227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aud4-pr4h-r3er
4
url VCID-mj4x-79x9-83ax
vulnerability_id VCID-mj4x-79x9-83ax
summary
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11393.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11393.json
1
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
2
reference_url https://github.com/huggingface/transformers/issues/34840
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/issues/34840
3
reference_url https://github.com/huggingface/transformers/pull/35296
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/pull/35296
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-228.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-228.yaml
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1514
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-24-1514
6
reference_url https://www.zerodayinitiative.com/advisories/ZDI-24-1514/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://www.zerodayinitiative.com/advisories/ZDI-24-1514/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2328394
reference_id 2328394
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2328394
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-11393
reference_id CVE-2024-11393
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-11393
9
reference_url https://github.com/advisories/GHSA-wrfc-pvp9-mr9g
reference_id GHSA-wrfc-pvp9-mr9g
reference_type
scores
url https://github.com/advisories/GHSA-wrfc-pvp9-mr9g
fixed_packages
0
url pkg:pypi/transformers@4.48.0
purl pkg:pypi/transformers@4.48.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7chd-q1tt-7fck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.48.0
aliases CVE-2024-11393, GHSA-wrfc-pvp9-mr9g, PYSEC-2024-228
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mj4x-79x9-83ax
5
url VCID-re51-pz3b-xbc5
vulnerability_id VCID-re51-pz3b-xbc5
summary Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
references
0
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
1
reference_url https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-300.yaml
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-300.yaml
3
reference_url https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6730
reference_id CVE-2023-6730
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6730
5
reference_url https://github.com/advisories/GHSA-3863-2447-669p
reference_id GHSA-3863-2447-669p
reference_type
scores
url https://github.com/advisories/GHSA-3863-2447-669p
fixed_packages
0
url pkg:pypi/transformers@4.36.0
purl pkg:pypi/transformers@4.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6jzg-ptkc-zfge
1
vulnerability VCID-7chd-q1tt-7fck
2
vulnerability VCID-aud4-pr4h-r3er
3
vulnerability VCID-mj4x-79x9-83ax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.36.0
aliases CVE-2023-6730, GHSA-3863-2447-669p, PYSEC-2023-300
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-re51-pz3b-xbc5
6
url VCID-smqc-ecxk-eqe6
vulnerability_id VCID-smqc-ecxk-eqe6
summary Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
references
0
reference_url https://github.com/huggingface/transformers
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers
1
reference_url https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43
2
reference_url https://github.com/huggingface/transformers/pull/23372
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/huggingface/transformers/pull/23372
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yaml
4
reference_url https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2800
reference_id CVE-2023-2800
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2800
6
reference_url https://github.com/advisories/GHSA-282v-666c-3fvg
reference_id GHSA-282v-666c-3fvg
reference_type
scores
url https://github.com/advisories/GHSA-282v-666c-3fvg
fixed_packages
0
url pkg:pypi/transformers@4.30.0
purl pkg:pypi/transformers@4.30.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6jzg-ptkc-zfge
1
vulnerability VCID-6wnz-1qbk-x3av
2
vulnerability VCID-7chd-q1tt-7fck
3
vulnerability VCID-aud4-pr4h-r3er
4
vulnerability VCID-mj4x-79x9-83ax
5
vulnerability VCID-re51-pz3b-xbc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@4.30.0
aliases CVE-2023-2800, GHSA-282v-666c-3fvg, PYSEC-2023-299
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-smqc-ecxk-eqe6
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transformers@3.1.0